How to encrypt your cloud storage for free
- — 25 September, 2012 21:44
If you want something done right, you need to do it yourself. That may sound like a trite cliche, but the maxim rings true when it comes to securing files that you've stored online: A handful of recent incidents--including breaches of Dropbox and iCloud--underscores the fact that even with built-in encryption and SSL transfers, cloud storage providers can't perfectly ensure the sanctity of your data.
Luckily, however, you can take cloud security into your own hands.
A few different tools can help safeguard the privacy of your data when you store it on a remote server. One of our favorites is BoxCryptor, an easy-to-use encryption program that works with all the popular cloud services, is free to use (though you can pay for upgrades), and can help keep your data safe.
BoxCryptor is basically a virtual hard disk that encrypts files on the fly using 256-bit AES encryption. Unlike TrueCrypt, another popular on-the-fly encryption tool, BoxCryptor encrypts individual files, not an entire volume or container. That means that your BoxCryptor-encrypted files sync with your cloud storage service immediately after you save them, whereas with TrueCrypt syncing occurs only after you finish encrypting an entire volume.
BoxCryptor works by encrypting and decrypting your files locally, and doesn't transmit your password to any third parties. In other words, your files will remain unreadable to outsiders even if hackers manage to steal your password, or otherwise breach the defenses of your cloud storage provider.
Setting up BoxCryptor is fairly painless, but the service does have a few nuances that could throw you for a loop. I'll get into those after discussing the differences between the various BoxCryptor offerings and showing how to get the encryption software up and running.
Which version of BoxCryptor is right for you?
BoxCryptor comes in three versions: one that's free, an Unlimited Personal version that costs $40 and an Unlimited Business version that costs $100. Free Android and iPhone apps are also available.
The free version should work just fine for many people. It lets you operate a single virtual hard disk for encrypting/decrypting files (more on how to do that later). Upgrading to the Unlimited Personal version enables multiple virtual drives that allow you to access several encrypted folders simultaneously; it also lets you encrypt file names, not just file contents. The Business license is the same as the Unlimited Personal license, but includes a legal clause that allows you to use it in the workplace.
The first step in setting up BoxCryptor is simply figuring out how to download the right program from the BoxCryptor website. The row of gray icons at the top of the download page looks like a simple informative image, but you'll actually need to click on the icon of your operating system to snag the installation file.
Once you have it, you'll need to double-click the file to start the installation wizard, then choose Create a new BoxCryptor folder. The next screen will ask you to choose a location for the encrypted folder. The destination can be an offline local folder, but the big draw for BoxCryptor is that it works with any cloud storage service that creates a local directory on your PC, such as the desktop clients for Dropbox, Google Drive, SkyDrive or Sugar Sync. Most cloud storage services create a local directory in C:/Users/*UserName by default. After you choose the destination folder, enter a name for the BoxCryptor folder that you're creating.
Next, you'll need to choose a drive letter designation for the virtual disk. Be sure to pick one that isn't already being used. (I chose S: for SkyDrive.) Finally, create a password, and you're good to go. I strongly recommended creating a backup of your BoxCryptor configuration file when prompted, since you'll lose the ability to descramble your data if you accidentally delete the config file and don't have a spare handy.
Reboot your PC after closing the wizard to complete the installation process. The virtual drive will appear alongside your physical drives when the computer restarts.
Here's the tricky part: You can't just drag files into the BoxCryptor.bc folder that the software creates in your cloud storage directory. If you do that, the files won't be encrypted. Instead, you'll need to deposit your files directly into BoxCryptor's virtual drive--S: in my case. Doing so will also make them appear in your cloud storage folder in encrypted form.
Similarly, the only way to unencrypt your files is to withdraw them via the same virtual drive. If you try to snag your files directly through the BoxCryptor.bc folder they'll still be encrypted and you won't be able to read them.
This regimen makes accessing your files on the road a bit of a hassle, but even the free version of BoxCryptor allows users to access cloud-stored encrypted folders, assuming you have both BoxCryptor and your cloud service's desktop client installed on your PC. BoxCryptor also offers an Android app that lets you access your encrypted SkyDrive, Google Drive, and Dropbox files after you enter your BoxCryptor password. An iOS app is available, but it works only with Dropbox.
Since all the encryption and decryption action happens on BoxCryptor's virtual drive, you'll likely have no reason ever to wander into the BoxCryptor.bc folder stored in your cloud drive. If you do, however, be very, very careful not to move or delete the encfs6.xml file. That's the configuration key needed to decrypt your files. If you move or delete it, you will be unable to decrypt your files.
Maintaining multiple encrypted drives for free
Anyone who purchases BoxCryptor Unlimited has the ability to run multiple BoxCryptor virtual drives simultaneously, but free users are limited to a single virtual drive. Does that mean you can encrypt or decrypt files at only a single cloud storage service or offline location? Not at all. It simply means that you can have only a single virtual drive operating at a given time. Basically, you can create several encrypted folders, but you can encrypt or decrypt files for only one at a time.
To create another encrypted folder in a second location, right-click on the BoxCryptor icon in your system tray and select Preferences. Next, enter Advanced Mode--ignoring the warning displayed by the program--and click on the icon for your encrypted virtual disk. The Remove option will turn red and become active; click on it. Poof! Your drive disappears from the list. Don't worry, the actual files (and their encryption key) weren't deleted.
Now, click on the New icon. The installation wizard will pop back up. This time, create another encrypted folder for a different cloud service or offline folder than you did originally. For example, I created an encrypted folder in my Dropbox account to complement the BoxCryptor folder I'd already created in my SkyDrive one. Finish up the creation process as you did before, creating a password and selecting a virtual drive designation. Advanced options will pop up during the process, but you don't have to worry about those unless you're curious about the software's niche uses. Bonus: You don't have to reboot the second (or third, or fourth, or...x) time you create a BoxCryptor folder.
When you're done, a BoxCryptor.bc folder appears in the new location, and a BoxCryptor virtual drive appears on your computer, just as before. Utilize this second encrypted folder the same way you did your first one, by adding and removing files via the virtual drive, not the BoxCryptor.bc folder itself.
But what if you need to access or add a file in the encrypted folder you created the first time around? That virtual drive--but not the folder itself--disappeared when you removed it from the BoxCryptor list to create your second encrypted folder. Fear not: It's easy to connect back to your previously created BoxCryptor folders.
First, Remove your current virtual drive in the Advanced Mode as you did before, but this time, click Add rather than New when you're done. You'll be asked to choose the location of a BoxCryptor folder; select your originally created BoxCryptor.bc destination. (In SkyDrive, in my case.) Next, choose a letter for the virtual drive you're creating, ignore the advanced options, and enter your password for the encrypted folder when prompted. Bam! A virtual drive connected to your original BoxCryptor folder appears on your computer, allowing you to encrypt and decrypt your files to your heart's content.
Deselecting and reactivating virtual drives in order to jump between multiple encrypted folders gets the job done, but running through the reactivation process over and over again gets very tedious if you bounce between multiple services on a regular basis. If you want to maintain several encrypted folders and plan on using them often, I highly recommend upgrading to the $40 Unlimited Personal license--both to cut back on the headache and to support the developers of this excellent piece of software.